Sublime Security

Sublime Core Feed
Exif analysis
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Detection Method: Exif analysis
Exif analysis looks at embedded metadata in files to uncover suspicious details that could indicate malicious activity. By extracting and analyzing Exif data from images, documents, PDFs, and other attachments, this method can help spot hidden threats that would normally go undetected.
Exif analysis can detect:
Document timestamps that don’t match the claimed origin
Authorship info that conflicts with the sender’s identity
Signs of image or document manipulation
Suspicious tools used to create the file
Geographical data that’s inconsistent with the expected origin
For example, a phishing email claiming to be an invoice might have metadata showing it was created with unauthorized tools, edited recently, or authored by someone outside the company it’s pretending to be from.
Attack Types (6):
BEC/Fraud
Callback Phishing
Credential Phishing
Malware/Ransomware
Extortion
Spam
Tactics & Techniques (12):
PDF
Evasion
Encryption
Social engineering
Macros
Free email provider
Impersonation: Brand
Image as content
Out of band pivot
Scripting
Exploit
LNK
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Attachment: PDF generated with wkhtmltopdf tool and default title
14d ago
Dec 19th, 2025
Sublime Security
BEC/Fraud
Callback Phishing
Credential Phishing
Malware/Ransomware
PDF
Evasion
File analysis
Exif analysis
BEC/Fraud
Callback Phishing
Credential Phishing
Malware/Ransomware
PDF
Evasion
File analysis
Exif analysis
/feeds/core/detection-rules/attachment-pdf-generated-with-wkhtmltopdf-tool-and-default-title-64e6c8a8
Attachment: Encrypted PDF with credential theft body
1mo ago
Dec 1st, 2025
Sublime Security
Credential Phishing
Encryption
Evasion
PDF
Social engineering
Content analysis
Exif analysis
File analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Encryption
Evasion
PDF
Social engineering
Content analysis
Exif analysis
File analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/attachment-encrypted-pdf-with-credential-theft-body-c9596c9a
Attachment: Legal themed message or PDF with suspicious indicators
1mo ago
Dec 1st, 2025
Sublime Security
Credential Phishing
Extortion
BEC/Fraud
Evasion
PDF
Social engineering
Content analysis
File analysis
Natural Language Understanding
Optical Character Recognition
URL analysis
Whois
Header analysis
Exif analysis
Credential Phishing
Extortion
BEC/Fraud
Evasion
PDF
Social engineering
Content analysis
File analysis
Natural Language Understanding
Optical Character Recognition
URL analysis
Whois
Header analysis
Exif analysis
/feeds/core/detection-rules/attachment-legal-themed-message-or-pdf-with-suspicious-indicators-19133301
Attachment: Excel file with suspicious template identifier
3mo ago
Sep 17th, 2025
Sublime Security
Credential Phishing
Evasion
Macros
Exif analysis
File analysis
Credential Phishing
Evasion
Macros
Exif analysis
File analysis
/feeds/core/detection-rules/attachment-excel-file-with-suspicious-template-identifier-40f84b4b
Attachment: Suspicious PDF created with headless browser
3mo ago
Sep 17th, 2025
Sublime Security
Credential Phishing
Evasion
PDF
Content analysis
Exif analysis
File analysis
Optical Character Recognition
Credential Phishing
Evasion
PDF
Content analysis
Exif analysis
File analysis
Optical Character Recognition
/feeds/core/detection-rules/attachment-suspicious-pdf-created-with-headless-browser-8f3108d7
Attachment: XLSX file with suspicious print titles metadata
3mo ago
Sep 16th, 2025
Sublime Security
Credential Phishing
Evasion
Macros
File analysis
Exif analysis
Credential Phishing
Evasion
Macros
File analysis
Exif analysis
/feeds/core/detection-rules/attachment-xlsx-file-with-suspicious-print-titles-metadata-4c265cbe
Attachment: Fictitious invoice using LinkedIn's address
4mo ago
Sep 3rd, 2025
Sublime Security
BEC/Fraud
PDF
Social engineering
File analysis
Optical Character Recognition
Natural Language Understanding
Content analysis
Exif analysis
BEC/Fraud
PDF
Social engineering
File analysis
Optical Character Recognition
Natural Language Understanding
Content analysis
Exif analysis
/feeds/core/detection-rules/attachment-fictitious-invoice-using-linkedins-address-aeee3d9f
Attachment: PDF file with link to fake Bitcoin exchange
5mo ago
Aug 5th, 2025
Sublime Security
BEC/Fraud
Free email provider
Impersonation: Brand
PDF
Social engineering
Exif analysis
File analysis
Sender analysis
URL analysis
BEC/Fraud
Free email provider
Impersonation: Brand
PDF
Social engineering
Exif analysis
File analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7
Spam: Item giveaway spam template
5mo ago
Aug 5th, 2025
Sublime Security
Spam
Image as content
Content analysis
HTML analysis
Sender analysis
Exif analysis
Spam
Image as content
Content analysis
HTML analysis
Sender analysis
Exif analysis
/feeds/core/detection-rules/spam-item-giveaway-spam-template-06a5f93b
Callback phishing: Social Security Administration fraud
5mo ago
Aug 5th, 2025
Sublime Security
Callback Phishing
Evasion
Free email provider
Out of band pivot
PDF
Social engineering
Exif analysis
File analysis
Optical Character Recognition
Sender analysis
Callback Phishing
Evasion
Free email provider
Out of band pivot
PDF
Social engineering
Exif analysis
File analysis
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/callback-phishing-social-security-administration-fraud-a9049d52
Callback phishing: AOL senders with suspicious HTML template or PDF attachment
5mo ago
Aug 5th, 2025
Sublime Security
Callback Phishing
Free email provider
Social engineering
Content analysis
Header analysis
File analysis
HTML analysis
Exif analysis
Sender analysis
Callback Phishing
Free email provider
Social engineering
Content analysis
Header analysis
File analysis
HTML analysis
Exif analysis
Sender analysis
/feeds/core/detection-rules/callback-phishing-aol-senders-with-suspicious-html-template-or-pdf-attachment-f6044eed
Attachment: Callback phishing solicitation via pdf file
5mo ago
Aug 5th, 2025
Sublime Security
Callback Phishing
Evasion
Free email provider
Out of band pivot
PDF
Social engineering
Exif analysis
File analysis
Optical Character Recognition
Sender analysis
Callback Phishing
Evasion
Free email provider
Out of band pivot
PDF
Social engineering
Exif analysis
File analysis
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097
Attachment: Office document with VSTO add-in
5mo ago
Aug 5th, 2025
@vector_sec
Malware/Ransomware
Scripting
Archive analysis
Content analysis
Exif analysis
File analysis
Sender analysis
URL analysis
Malware/Ransomware
Scripting
Archive analysis
Content analysis
Exif analysis
File analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/attachment-office-document-with-vsto-add-in-27afa730
Attachment: Emotet heavily padded doc in zip file
5mo ago
Jul 16th, 2025
Sublime Security
Malware/Ransomware
Evasion
Archive analysis
Content analysis
Exif analysis
File analysis
Sender analysis
Malware/Ransomware
Evasion
Archive analysis
Content analysis
Exif analysis
File analysis
Sender analysis
/feeds/core/detection-rules/attachment-emotet-heavily-padded-doc-in-zip-file-9a5332ed
Attachment: PowerPoint with suspicious hyperlink
3y ago
Aug 21st, 2023
Sublime Security
Malware/Ransomware
Evasion
Scripting
Exif analysis
File analysis
Malware/Ransomware
Evasion
Scripting
Exif analysis
File analysis
/feeds/core/detection-rules/attachment-powerpoint-with-suspicious-hyperlink-0a999fb1
Attachment: LNK with embedded content
3y ago
Aug 21st, 2023
Malware/Ransomware
Exploit
LNK
Scripting
Content analysis
Exif analysis
File analysis
Malware/Ransomware
Exploit
LNK
Scripting
Content analysis
Exif analysis
File analysis
/feeds/core/detection-rules/attachment-lnk-with-embedded-content-41452f7a

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Attachment: PDF generated with wkhtmltopdf tool and default title	14d ago Dec 19th, 2025	Sublime Security	BEC/Fraud Callback Phishing Credential Phishing Malware/Ransomware PDF Evasion File analysis Exif analysis	/feeds/core/detection-rules/attachment-pdf-generated-with-wkhtmltopdf-tool-and-default-title-64e6c8a8
Attachment: Encrypted PDF with credential theft body	1mo ago Dec 1st, 2025	Sublime Security	Credential Phishing Encryption Evasion PDF Social engineering Content analysis Exif analysis File analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/attachment-encrypted-pdf-with-credential-theft-body-c9596c9a
Attachment: Legal themed message or PDF with suspicious indicators	1mo ago Dec 1st, 2025	Sublime Security	Credential Phishing Extortion BEC/Fraud Evasion PDF Social engineering Content analysis File analysis Natural Language Understanding Optical Character Recognition URL analysis Whois Header analysis Exif analysis	/feeds/core/detection-rules/attachment-legal-themed-message-or-pdf-with-suspicious-indicators-19133301
Attachment: Excel file with suspicious template identifier	3mo ago Sep 17th, 2025	Sublime Security	Credential Phishing Evasion Macros Exif analysis File analysis	/feeds/core/detection-rules/attachment-excel-file-with-suspicious-template-identifier-40f84b4b
Attachment: Suspicious PDF created with headless browser	3mo ago Sep 17th, 2025	Sublime Security	Credential Phishing Evasion PDF Content analysis Exif analysis File analysis Optical Character Recognition	/feeds/core/detection-rules/attachment-suspicious-pdf-created-with-headless-browser-8f3108d7
Attachment: XLSX file with suspicious print titles metadata	3mo ago Sep 16th, 2025	Sublime Security	Credential Phishing Evasion Macros File analysis Exif analysis	/feeds/core/detection-rules/attachment-xlsx-file-with-suspicious-print-titles-metadata-4c265cbe
Attachment: Fictitious invoice using LinkedIn's address	4mo ago Sep 3rd, 2025	Sublime Security	BEC/Fraud PDF Social engineering File analysis Optical Character Recognition Natural Language Understanding Content analysis Exif analysis	/feeds/core/detection-rules/attachment-fictitious-invoice-using-linkedins-address-aeee3d9f
Attachment: PDF file with link to fake Bitcoin exchange	5mo ago Aug 5th, 2025	Sublime Security	BEC/Fraud Free email provider Impersonation: Brand PDF Social engineering Exif analysis File analysis Sender analysis URL analysis	/feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7
Spam: Item giveaway spam template	5mo ago Aug 5th, 2025	Sublime Security	Spam Image as content Content analysis HTML analysis Sender analysis Exif analysis	/feeds/core/detection-rules/spam-item-giveaway-spam-template-06a5f93b
Callback phishing: Social Security Administration fraud	5mo ago Aug 5th, 2025	Sublime Security	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/callback-phishing-social-security-administration-fraud-a9049d52
Callback phishing: AOL senders with suspicious HTML template or PDF attachment	5mo ago Aug 5th, 2025	Sublime Security	Callback Phishing Free email provider Social engineering Content analysis Header analysis File analysis HTML analysis Exif analysis Sender analysis	/feeds/core/detection-rules/callback-phishing-aol-senders-with-suspicious-html-template-or-pdf-attachment-f6044eed
Attachment: Callback phishing solicitation via pdf file	5mo ago Aug 5th, 2025	Sublime Security	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097
Attachment: Office document with VSTO add-in	5mo ago Aug 5th, 2025	@vector_sec	Malware/Ransomware Scripting Archive analysis Content analysis Exif analysis File analysis Sender analysis URL analysis	/feeds/core/detection-rules/attachment-office-document-with-vsto-add-in-27afa730
Attachment: Emotet heavily padded doc in zip file	5mo ago Jul 16th, 2025	Sublime Security	Malware/Ransomware Evasion Archive analysis Content analysis Exif analysis File analysis Sender analysis	/feeds/core/detection-rules/attachment-emotet-heavily-padded-doc-in-zip-file-9a5332ed
Attachment: PowerPoint with suspicious hyperlink	3y ago Aug 21st, 2023	Sublime Security	Malware/Ransomware Evasion Scripting Exif analysis File analysis	/feeds/core/detection-rules/attachment-powerpoint-with-suspicious-hyperlink-0a999fb1
Attachment: LNK with embedded content	3y ago Aug 21st, 2023	@ajpc500	Malware/Ransomware Exploit LNK Scripting Content analysis Exif analysis File analysis	/feeds/core/detection-rules/attachment-lnk-with-embedded-content-41452f7a